House GOP Passes Cybersecurity Bill Over Obama Veto Threat

The U.S. House passed cybersecurity legislation backed by companies including Boeing Co. and AT&T Inc., defying a veto threat by President Barack Obama’s administration over what it called inadequate privacy protections.

The bill gives companies immunity from lawsuits when they voluntarily share information, such as threats to computer networks and malicious source code, with each other and the U.S. government. It passed on a vote of 288 to 127.

“This is not a surveillance bill,” Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, said today during debate. “It is paramount that we protect individual privacy in the conduct of sharing cyberthreat information.”

Congress is renewing a push to pass cybersecurity legislation following warnings by U.S. intelligence officials that electronic attacks could disrupt the nation’s banks, utilities, telecommunications networks and other essential services. It isn’t clear whether the Senate will take up the House bill or offer its own version.

The threat of cyber attacks has for the first time become a greater concern than terrorism, James Clapper, the top U.S. intelligence official, told the House Intelligence Committee during an April 11 hearing. The Chinese army may be behind the hacking of at least 141 companies worldwide since 2006, according to a Feb. 19 report from Alexandria, Virginia-based Mandiant Corp.

Veto Threat

The bill doesn’t require companies “to take reasonable steps” to remove personal information when sharing cybersecurity data with the government or other companies, the White House said April 16 in a statement on the veto threat.

“Citizens have a right to know that corporations will be held accountable -- and not granted immunity -- for failing to safeguard personal information adequately,” according to the administration statement.

Legal protections for companies in the legislation are too broad while private-sector information shared with the government should go through a civilian agency, such as the Department of Homeland Security, the White House said. The bill would allow companies to share information directly with the Defense Department, including the National Security Agency.

Rogers said his committee amended the bill to include greater privacy protections, such as requiring the government to minimize collection of information that could identify citizens and denying companies legal protections if they use cyberthreat data to hack each other.

’Digital Bombs’

The House adopted amendments to the bill during floor debate yesterday and today. Most aimed to add privacy safeguards when it comes to how cyberthreat data is used and shared by companies and the government.

For example, an amendment from Rogers states that nothing in the bill would authorize the Pentagon or intelligence agencies “to target a United States person for surveillance.”

An amendment from Representative Michael McCaul, a Texas Republican, states that the Homeland Security Department will serve as the civilian face of the government when it comes to receiving information from companies. The amendment also states that the Justice Department will serve as the hub for collecting information about cyber crimes.

McCaul likened cyber threats to the April 15 bombing attack in Boston. “In the case in Boston they were real bombs,” he said. “In this case they’re digital bombs. And the digital bombs are on their way.”

Corporate Support

Democrats including Representatives Adam Schiff and Anna Eshoo of California, Jan Schakowsky of Illinois and Rush Holt of New Jersey, proposed amendments they said would have improved privacy protections. The Republican-controlled House Rules Committee, which sets parameters for floor debate, rejected the amendments.

Along with Boeing and AT&T, the bill is supported by more than 60 companies and industry trade groups, including Comcast Corp., Verizon Communications Inc., International Business Machines Corp., the Business Roundtable, the Financial Services Roundtable and TechAmerica.

“Improving and extending information sharing between private industry and the government is necessary to better protect our nation’s digital infrastructure and respond to the latest, evolving cyberthreats,” Kevin Richards, senior vice president for TechAmerica, wrote in a letter to House Speaker John Boehner of Ohio and Democratic leader Nancy Pelosi of California.

The House passed a version of the bill 248-168 a year ago in April after the White House threatened to veto it. The legislation died when the Senate didn’t take it up.

A different cybersecurity bill in the Senate was blocked by Republicans who said it would lead to regulation.

Former Senator Joe Lieberman, a Connecticut independent who led the Homeland Security and Governmental Affairs Committee, was the driving force behind the Senate’s cyber bill last year. He didn’t run for re-election.

Senator Tom Carper, a Delaware Democrat, is the new chairman of the committee. While he’s said cybersecurity legislation is needed, he hasn’t introduced a bill.